<?
if(!ANTIHACK) die("ANTIHACK...");
$smarty->assign("baselink",$baselink);
include_once("../includes/language_vi.php");
if($_SESSION['login']==false || $_SESSION['user']=="")
{
	if(isset($_POST['log']) && isset($_POST['pwd']) && $_POST['log']!="" && $_POST['pwd']!="")
	{
		$user = addslashes($_POST['log']);
		$pass = md5(addslashes($_POST['pwd']));
		$query = query("select id,is_active from user where username = '$user' and password = '$pass'");
		if($query)
		{
			$num = numrows($query);
			if($num==1)
			{
				$r=fetch($query);
				if($r["is_active"]==1)
				{
					$_SESSION['login']=true;
					$_SESSION['user']=$user;
					$_SESSION['id']=$r['id'];
					header("location:index.php?act=home");
				}
				else
				{
					$smarty->assign("msg",$msg["account_blocked"]);
					$smarty->display("login.htm");
				}
			}
			else
			{
				$smarty->assign("msg",$msg["login_failed"]);
				$smarty->display("login.htm");
			}
		}
	}
	else
	{
		$smarty->assign("page",MODULES.$_GET['act'].".php");
		$smarty->display("login.htm");
	}
	exit;
}
else
{
	if(isset($_GET['do']) && $_GET['do']=='logout')
	{
		$_SESSION['login']=false;
		$_SESSION['user']='';
		$_SESSION['id']='';
		header("location:index.php");
	}
}
?>